allentech.net

Home > Browser Parasites > Parasite Database > SpecialOffers

About Us

Online Stores

TQ Support

Web Services

Database Help

Tech Links

Projects

Online Manual

Browser Parasites

Privacy Policy

Contact us

Send Page

Limited Time!
Totally FREE Web Design!
Click here!

Blue Host

Parasite: SpecialOffers

This record last updated Tue Sep 20 2005 00:34:15

PLEASE NOTE: Due to the overwhelming extent of this problem and the unbelievable volume of email we have received, we regret that we cannot respond to questions about browser parasites at this time. If you have attempted to contact us about this parasite please accept our apology for not responding. "Thank you's" are always appreciated ;-)

Description

SpecialOffers is a simple adware process run at startup, controlled by A Simple Internet (asimpleinternet.com) at the server www.specialoffersnetwork.com.

Variants

SpecialOffers/v1, v2, v3 and v4, having filenames specialoffers.exe, specialoffers2.exe, specialoffers3.exe and specialoffers4.exe, all stored in the Windows folder.

Also known as

ContextServer or CSClient, its internal name.

Distribution

Installed in a bundle with the EasySearchBar parasite, and possibly parasites. Certainly SpecialOffers is closely related to Alcena (authors of EasySearchBar); it appears to be capable of connecting to their FTP server.

What it does

Advertising

Yes. Opens periodic pop-up advertising during web browser use.

Privacy violation

Yes. Passes URLs of pages viewed to its controlling server with a trackable user ID.

Security issues

Yes. Can silently download and execute arbitrary code as directed by its controlling server, as an update mechanism.

Stability problems

None known.

Removal

The ‘SpecialOffers!’ entry in the Control Panel’s Add/Remove Programs function should stop the program from running. You can then delete the files, as below.

Manual removal

Open the registry (click ‘Start’, choose ‘Run’, enter ‘regedit’) and select the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. On the right-hand side, right-click-and-delete the ‘SpecialOffers’ entry pointing at specialoffers.exe, specialoffers2.exe, specialoffers3.exe or specialoffers4.exe.

Restart the computer and you should be able to delete the EXE file with this name from the Windows folder, along with the files cs_log.txt, cs_base.html, cs_popup.html and so_remove.exe. You can also delete the registry key HKEY_CURRENT_USER\Software\SpecialOffersNetworks to clear up if you like.

* Parasite information and detection script by Andrew Clover - www.doxdesk.com, used with permission.

For more information about Scumware, Spyware and Parasites, their sources and their cure, visit our About Parasites page and related Tech Links.

Visit our new services portal at Allen One for a completely new parasite database format, comming November 2005!

webmaster@allentech.net
Tech Bench
Web Analytics by My-OLAP!

Top